Adobe Systems warned users Tuesday that hackers could use recently-reported "clickjacking" attack tactics to secretly turn on a computer's microphone and Web camera. Flash on all platforms is susceptible to clickjacking attacks, Adobe said in an advisory posted Tuesday. By duping users into visiting a malicious Web site, hackers could hijack seemingly-innocent clicks that, in reality, would be used to grant the site access to the computer's Webcam and microphone without the user's knowledge.
"This potential 'Clickjacking' browser issue affects Adobe Flash Player 's microphone and camera access dialog," acknowledged David Lenoe, the company's security program manager, in a post to Adobe's security blog . Although a patch is not ready -- Lenoe said one would be issued by the end of October -- Adobe's advisory listed steps users can take immediately to block Webcam and microphone hijacking. Adobe recommended that users access Flash's Settings Manager using a browser to select the "Always deny" option.